TABLE 1202 - SPKI NAME ASSERTIONS

Issuer     | Subject/Delegate | Name
Tech Corp. | Device No. 123   | Music Player
Cert Corp. |                  |
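No. | $l \in \mathit{License}$ | intended meaning

1) | $\lambda m.\ W$ | Alice may write the file.
2) | $\lambda m.\ m(\mathit{Bob})$ | Alice may do whatever Bob allows.
3) | $\lambda m.\ \bigsqcup \{ W, m(\mathit{Bob}) \}$ | Alice may write and do anything else Bob allows.
4) | $\lambda m.\ \bigsqcap \{ W, m(\mathit{Bob}) \}$ | Alice may write if Bob allows her to write.
5) | $\lambda m.\ \bigsqcap \{ W, m(\mathit{Bob}), m(\mathit{Carl}) \}$ | Alice may write if both Bob and Carl say she can.
6) | $\lambda m.\ \text{if } \mathrm{card}\{ p \in \{\mathit{Bob}, \mathit{Carl}, \mathit{Dave}\} \mid R \sqsubseteq m(p) \} \geq 2 \text{ then } R \text{ else } N$ | Alice may read if any two of Bob, Carl, and Dave say she can.
7) | $\lambda m.\ \text{if } W \sqsubseteq m(\mathit{Bob}) \text{ then } R \text{ else } N$ | Alice may read if Bob says she may write.
8) | $\lambda m.\ \text{if } \mathrm{card}\{ p \mid R \sqsubseteq m(p) \} \geq 2 \text{ then } R \text{ else } N$ | Alice may read if any two principals say she can.

Figure 15, Example licenses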
Figure 16. Example least fixpoint computations of $M_{\mathit{Assertions}}$



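$p \in \mathit{Principal}$
$u \in \mathit{Auth}$
$m \in \mathit{AuthMap} = \mathit{Principal} \to \mathit{Auth}$
$l \in \mathit{License} = \mathit{AuthMap} \to_m \mathit{Auth}$
$a \in \mathit{Assertion} = \mathit{Principal} \times \mathit{License}$

$M_{\mathit{Assertions}} : \mathcal{P}(\mathit{Assertion}) \to \mathit{AuthMap}$
$M_{\mathit{Assertions}}(A) = \mathrm{lfp}(\lambda m.\ \lambda p.\ \bigsqcup \{ l(m) \mid \langle p, l \rangle \in A \})$

$M_{\mathit{Engine}} : \mathit{Principal} \times \mathit{Auth} \times \mathcal{P}(\mathit{Assertion}) \to \mathit{Bool}$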
Figure 17, Framework 
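
Added example (not part of the original document): the least-fixpoint semantics of Figure 17 run over a small constructed policy that uses license shapes from Figure 15. It assumes Auth is the powerset lattice of {R, W} and that the engine grants u when u ⊑ M_Assertions(A)(p), a rule the figure shows only by signature; the principals Owner, Eve and Mallory are made up.

```python
# Added example, not from the source document.
# Assumption: Auth is the powerset lattice of {"R", "W"} ordered by subset,
# so N = no rights, join = union, meet = intersection.
from functools import reduce

N, R, W, RW = frozenset(), frozenset("R"), frozenset("W"), frozenset("RW")

def join(auths):
    return reduce(frozenset.union, auths, N)

def meet(auths):
    return reduce(frozenset.intersection, auths, RW)

def m_assertions(assertions, principals):
    """lfp(λm. λp. ⊔{ l(m) | ⟨p, l⟩ ∈ A }), iterated upward from bottom.
    Terminates because the lattice is finite and every license is monotone."""
    m = {p: N for p in principals}
    while True:
        nxt = {p: join(l(m) for q, l in assertions if q == p)
               for p in principals}
        if nxt == m:
            return m
        m = nxt

def m_engine(p, u, assertions, principals):
    # Assumed decision rule (Figure 17 shows only the signature):
    # p authorizes u when u ⊑ M_Assertions(A)(p).
    return u <= m_assertions(assertions, principals)[p]

def threshold(group, k, need, grant):
    # Shape of license 6 in Figure 15: grant when at least k of group allow need.
    return lambda m: grant if sum(need <= m[p] for p in group) >= k else N

# Constructed policy: pairs ⟨issuer, license⟩. Owner, Eve, Mallory are made up.
PRINCIPALS = ["Owner", "Bob", "Carl", "Dave", "Eve", "Mallory"]
ASSERTIONS = [
    ("Carl", lambda m: RW),
    ("Bob", lambda m: m["Carl"]),                            # license 2 shape
    ("Owner", lambda m: meet([W, m["Bob"]])),                # license 4 shape
    ("Owner", threshold(["Bob", "Carl", "Dave"], 2, R, R)),  # license 6 shape
    ("Eve", lambda m: m["Mallory"]),                         # delegation cycle
    ("Mallory", lambda m: m["Eve"]),
]

if __name__ == "__main__":
    for p, u in m_assertions(ASSERTIONS, PRINCIPALS).items():
        print(p, "".join(sorted(u)) or "N")
```

The Eve/Mallory cycle resolves to N: the least fixpoint grants nothing that no assertion grounds, so circular delegation cannot create authority.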



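$n \in \mathit{Name}$
$y \in \mathit{Sexp}$
$t \in \mathit{Time}$

$u \in \mathit{Auth} = \mathcal{P}(\mathit{Principal} \times (\mathit{Name} + \mathit{Sexp}) \times \mathit{Time})$

$f \in \mathit{FullName} = \mathit{Principal} \times \mathit{Name}^*$

$s \in \mathit{Subject} = \mathit{FullName} + (\mathit{Int} \times \mathcal{P}(\mathit{FullName}))$

$d \in \mathit{Delegate} = \mathit{Bool}$

$x \in \mathit{Action}$

$\mathit{TimePeriod} = \mathit{Time} \times \mathit{Time}$

$\mathit{NameAssertion} = \mathit{Principal} \times \mathit{Name} \times \mathit{Subject} \times \mathit{TimePeriod}$

$\mathit{AuthAssertion} = \mathit{Principal} \times \mathit{Subject} \times \mathit{Delegate} \times \mathit{Action} \times \mathit{TimePeriod}$

$\mathit{SPKIAssertion} = \mathit{NameAssertion} + \mathit{AuthAssertion}$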



M^„i^ : Action — > V{Sexp ) (omitted) 

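$M_{\mathit{FullP}} : \mathit{FullName} \times \mathit{AuthMap} \to \mathcal{P}(\mathit{Principal} \times \mathit{Time})$
$M_{\mathit{FullP}}(\langle p, [\,] \rangle, m) = \{ \langle p, t \rangle \mid t \in \mathit{Time} \}$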

^^w({p,[no,nl,..,]),.n)==|(p^^) 3p^ J^r^^^^:^^^ \ 

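$M_{\mathit{SubjP}} : \mathit{Subject} \times \mathit{AuthMap} \to \mathcal{P}(\mathit{Principal} \times \mathit{Time})$

$M_{\mathit{SubjP}}(f, m) = M_{\mathit{FullP}}(f, m)$

$M_{\mathit{SubjP}}(\langle k, F \rangle, m) = \{ \langle p, t \rangle \mid k \leq \mathrm{card}\{ f \in F \mid \langle p, t \rangle \in M_{\mathit{FullP}}(f, m) \} \}$

$M_{\mathit{Name}} : \mathit{NameAssertion} \to \mathit{Assertion}$

$M_{\mathit{Name}}(\langle p, n, s, \langle t_1, t_2 \rangle \rangle) = \langle p, \lambda m.\ \{ \langle p', n, t \rangle \mid t_1 \leq t \leq t_2 \text{ and } \langle p', t \rangle \in M_{\mathit{SubjP}}(s, m) \} \rangle$

$M_{\mathit{FullA}} : \mathit{FullName} \times \mathit{AuthMap} \to \mathit{Auth}$

$M_{\mathit{FullA}}(f, m) = \{ \langle p, y, t \rangle \mid \exists p'.\ \langle p', t \rangle \in M_{\mathit{FullP}}(f, m) \text{ and } \langle p, y, t \rangle \in m(p') \}$

$M_{\mathit{SubjA}} : \mathit{Subject} \times \mathit{AuthMap} \to \mathit{Auth}$
$M_{\mathit{SubjA}}(f, m) = M_{\mathit{FullA}}(f, m)$

$M_{\mathit{SubjA}}(\langle k, F \rangle, m) = \{ \langle p, y, t \rangle \mid k \leq \mathrm{card}\{ f \in F \mid \langle p, y, t \rangle \in M_{\mathit{FullA}}(f, m) \} \}$

$M_{\mathit{Auth}} : \mathit{AuthAssertion} \to \mathit{Assertion}$
$M_{\mathit{Auth}}(\langle p, s, d, x, \langle t_1, t_2 \rangle \rangle) = \langle p, l \rangle$, where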

f (m) = / (p', y, 2/ ^ •^^....(^) and 1 1 < ^ < t2 1 
1 and if then {p\ y, t) e Ms.^,{s, m) else (p^ € m) / 



Figure 18, SPKI instantiation 



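$v \in \mathit{Value}$

$x \in \mathit{Action} = \mathcal{P}(\mathit{String} \times \mathit{String})$

$\mathit{Request} = \mathcal{P}(\mathit{Principal}) \times \mathit{Action}$

$u \in \mathit{Auth} = \mathit{Request} \to \mathit{Value}$

$z \in \mathit{Licensees}$

$c \in \mathit{Conditions}$

$\mathit{KeyNoteAssertion} = \mathit{Principal} \times \mathit{Licensees} \times \mathit{Conditions}$

$M_{\mathit{Licensees}} : \mathit{Licensees} \times (\mathit{Principal} \to \mathit{Value}) \to_m \mathit{Value}$ (omitted)
$M_{\mathit{Conditions}} : \mathit{Conditions} \times \mathit{Request} \to \mathit{Value}$ (omitted)

$M_{\mathit{KeyNote}} : \mathit{KeyNoteAssertion} \to \mathit{Assertion}$

$M_{\mathit{KeyNote}}(\langle p, z, c \rangle) = \langle p, \lambda m.\ \lambda \langle P, x \rangle.\ \bigsqcap \{ M_{\mathit{Conditions}}(c, \langle P, x \rangle),\ M_{\mathit{Licensees}}(z, \lambda p.\ m(p)(\langle P, x \rangle)) \} \rangle$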
Figure 19. Key Note instantiation 



